The recipe contains two CVE_CHECK_IGNORE declarations, and the second
one overwrites the first one - however the first one is also important.
Instead of overwriting it, just append them to each other. Also, move the
operations closer to each other, so it's easier to see what's going on.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
These grpc python modules contain parts of grpc core.
Each CVE needs to be assessed if the patch applies also to core parts
included in each module.
Note that so far there was never a CVE specific for python module, only
for grpc:grpc and many of those needed to be fixed at leasts in grpcio:
sqlite> select vendor, product, count(*) from products where product like '%grpc%' group by vendor, product;
grpc|grpc|21
grpck|grpck|1
linuxfoundation|grpc_swift|9
microsoft|grpconv|1
opentelemetry|configgrpc|1
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f993cb2ecb)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This is a bugfix release, with some ioctl handling fixes.
Changelog:
- Adjust the handling of SPI_IOC_RD_LSB_FIRST ioctl call
- Parameter for SPI_IOC_WR_LSB_FIRST ioctl is {0, 1}.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
2.0.4:
- Fix missing comma in JSON output.
2.0.3:
- Fix segfault when filelimit is used and tree encounters a directory it
cannot enter.
- Use += when assigning CFLAGS and LDFLAGS in the Makefile allowing
them to be modified by environment variables during make. (Ben Brown)
Possibly assumes GNU make.
- Fixed broken -x option (stops recursing.)
- Fix use after free (causing segfault) for dir/subdir in list.c
- Fixes for .gitignore functionality
- Fixed * handing in patmatch. Worked almost like ** before, now properly
stops at /'s. These issues were the result of forgetting that patmatch()
was just to match filenames to patterns, not paths.
- Patterns starting with / are actually relative to the .gitignore file,
not the root of the filesystem, go figure.
- Patterns without /'s in .gitignore apply to any file in any directory
under the .gitignore, not just the .gitignore directory
- Remove "All rights reserved" from copyright statements. A left-over from
trees original artistic license.
- Add in --du and --prune to --help output
- Fixed segfault when an unknown directory is given with -X
- Fixed output up for -X and -J options.
- Remove one reference to strnlen which isn't necessary since it may not
be available on some OS's.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The upstream site (landley.net) serves inconsistent content when using HTTP,
causing checksum mismatches during do_fetch. Using HTTPS ensures stable
downloads and resolves checksum failures.
Signed-off-by: Sanjay Chitroda <sanjayembeddedse@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This CVE is not for python-django, but for some go project
which shares the same name.
Ignore this CVE due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This ancient CVE [1] is unversioned ("*") in NVD DB.
"mod_sqlpw module in ProFTPD does not reset a cached password..."
Looking at history and changelog, the module was removed [2] around
the time when this CVE was published, likely as reaction to this CVE.
"mod_sqlpw.c, mod_mysql.c and mod_pgsql.c have been REMOVED from the
distribution. They are currently unmaintained and have numerous bugs."
Note: It was later re-introduced as mod_sql when it got fixed under
new maintainer.
[1] https://nvd.nist.gov/vuln/detail/CVE-2001-0027
[2] https://github.com/proftpd/proftpd/blob/v1.3.8b/NEWS#L3362
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 03a1b56bc7)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Comes with fixes for CVE-2025-14177, CVE-2025-14178 and CVE-2025-14180
Changelog:
- Curl: Fix curl build and test failures with version 8.16.
- Opcache: Reset global pointers to prevent use-after-free in zend_jit_status().
- PDO: Fixed: PDO quoting result null deref. (CVE-2025-14180)
- Standard:
* Fixed: Null byte termination in dns_get_record().
* Fixed: Heap buffer overflow in array_merge(). (CVE-2025-14178)
* Fixed: Information Leak of Memory in getimagesize. (CVE-2025-14177)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The tarball was moved to an archive server, so the link stopped
working. Update it to the new location.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The tarball was moved to a new folder in the SourceForge project,
and the original convenience link stopped working.
Use the direct link instead.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
The original link stopped working.
I have compared the original tarball's content with this revision: the contents
are bit-identical to each other. The only difference is that the original
tarball came with an extra "debian/control" file which is not present in
the git repository, but it not using for compiling.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
Jeroen Hofstee
Vijay Anusuri
wangmy
Jason Schonberg
Peter Marko
Sanjay Chitroda
Ankur Tyagi